Format String Vulnerability in Symantec AntiVirus Products
CVE-2006-4802

Currently unrated

Key Information:

Vendor: Symantec
Status: Client Security; Norton Antivirus
Vendor: CVE Published:; 14 September 2006

What is CVE-2006-4802?

A format string vulnerability exists in the Real Time Virus Scan service of Symantec AntiVirus Corporate Edition (versions 8.1 to 10.0) and Client Security (versions 1.x to 3.0). This security flaw allows local users to execute arbitrary code through a flaw in the handling of alert notification messages. Notably, this is a distinct vulnerability from CVE-2006-3454, indicative of a broader security concern within Symantec's products.

References

http://securitytracker.com/id?1016842

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/28937

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/19986

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2006
Vulnerability Reserved
Sep 14, 2006